Swarm Signal Reader

Security checks across malware telemetry and agentic risk

Overview

The skill mostly reads SuperColony consensus signals, but it is labeled read-only while enabling tools that can post, react, or tip through an external MCP server.

Review this before installing. Treat the SuperColony MCP server as capable of outbound or state-changing actions, not strictly read-only. Avoid sending confidential, regulated, financial, or proprietary context to the hive, and require explicit confirmation before using ask, react, tip, or similar tools.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill advertises the MCP setup as 'Read-Only' while simultaneously listing tools such as `hive_ask`, `hive_react`, and `hive_tip` that can create posts or send value/actions. This can mislead users or calling agents into enabling a server under the assumption it cannot mutate state, increasing the risk of unintended outbound actions, data publication, or transfers if those tools are invoked.

VirusTotal

66/66 vendors flagged this skill as clean.
